Other possible choices included Check Point, Cisco, ISS, Juniper/NetScreen, RSA, and Symantec/Veritas. Using overall averages for the three questions, Symantec edged Cisco to round out the top three worst vendors.

The obvious omission? Microsoft. While some argue the software behemoth has until recently relied on others to manage its products, the vendor's clearly enlarging its security footprint.

Some 34 percent of the sample said CA had the worst security products. There was a three-way tie for second place among Cisco, ISS, and Symantec (15 percent each). And Juniper checked in third with 14 percent.

Sage and its parent, Chadwick Martin Bailey, also noted that while Check Point was offered as an option in all categories, it received no votes. Does that mean we know who paid for the survey? No, says CMB's Chris Neal. The research house generated it independently.